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DETAILED ACTION 
Response to Amendment 

1 . The amendment filed on January 30, 2006 added no claims, cancelled no claims, and 
amended no claims. The currently pending claims considered below are Claims 13-27. 

Claim Rejections - 35 USC § 102 

2. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 

3. Claims 13-27 are rejected under 35 U.S.C. 102(e) as being anticipated by Challener et al 
(6,081,793). 

Claims 13, 15, 17, 21-24: Challener discloses a system, apparatus, and program for 
electronic voting, comprising: 

a. A processor (Item 55, Figure 2b); 

b. Instructions to cause the processor to perform the steps of: 



Application/Control Number: 09/635,778 Page 3 

Art Unit: 3622 

1 . Receiving a voter registration request message (ballot request) that will bind 
vote authorization data (voter identification and PIN) and a blinded 
unvalidated vote certificate (ballot)(col 6, line 65 - col 7, line 4); 

2. Determine if the vote authorization data is valid (col 7, lines 4-16); 

3. Validating the blinded unvalidated vote certificate to obtain a blinded vote 
certificate if the vote authorization data is valid (col 7, lines 4-16); and 

4. Sending a response message to the voter that includes the blinded validated 
vote certificate (certified ballot) atomically bound to the voter registration 
request message (col 7, lines 4-16); and 

c. Memory coupled to the processor (col 3, lines 30-35). 

The Examiner notes that Challener discloses that the user receives a smart card when 
registering to vote. The smart card contains the voter identification, public encryption key, a 
ballot box ID, and a PIN number for the voter (i.e. vote authorization data). On election day, 
the voter places his smart card in a smart card reader of the authentication server at the 
polling station and enters his PIN number to validate his identity which generates a "ballot 
request". The Examiner considers the entering of the smart card information and the PIN 
number and the resultant ballot request to be the equivalent of the claimed voter registration 
request message. The authentication server uses the PIN number to determine if the smart 
card information (vote authorization data) is valid. If the vote authorization data is valid, the 
polling station selects a ballot ID, encrypts it along with the voter authorization data and 
"sends the encrypted ballot, and the ballot ID, to the voter's personal computer" (col 8, lines 
1-9). The voter then decrypts the ballot with the smart card encryption key, enters his 
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selections onto the ballot, re-encrypts the ballot using the smart card encryption key, and 
returns the encrypted ballot to the voting system. The system uses at least two servers, each 
able to decrypt only a portion of the encrypted ballot to maintain the anonymity of the voter, 
while also allowing for the verification of the vote, if necessary. Thus, Challener uses 
blinded encryption methods. The Examiner considers the initial ballot selected by the polling 
station to be the equivalent of the claimed blinded unvalidated voter certificate; the encrypted 
ballot sent to the voter's personal computer as the blinded validated voter certificate. 

Claims 14, 16, and 18: Challener discloses an apparatus for electronic voting as in Claims 
13, 15, and 17 above, and further inherently discloses the certificate indicating a yes or no 
vote (col 1, lines 11-15). The Examiner notes that ballots contain one or more questions to 
which the voter may make one or more selections based on his desires. Each of these 
selections is a vote for or against the topic of the question - whether it is a "for" (yes) or 
"against" (no) vote on a local tax levy proposition, "for" (yes) or "against" (no) the 
Presidential candidates, or "for" (yes) or "against" (no) several candidates running for several 
open councilmen positions. In each case, the completed ballot indicates the voter's yes or no 
votes. 

Claim 19: Challener discloses an apparatus for electronic voting, comprising: 

a. A processor (Item 55, Figure 2b); 

b. Instructions to cause the processor to perform the steps of: 
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1 . Receiving a voter registration request message (ballot request) that will 
bind vote authorization data (voter identification and PIN) and a 
blinded unvalidated vote certificate (ballot)(col 6, line 65 - col 7, line 4); 

2. Determine if the vote authorization data is valid (col 7, lines 4-16); 

3. Validating the blinded unvalidated vote certificate to obtain a blinded vote 
certificate if the vote authorization data is valid (col 7, lines 4-16); and 

4. Sending a response message to the voter that includes the blinded 
validated vote certificate (certified ballot) atomically bound to the voter 
registration request message (col 7, lines 4-16); and 

c. Memory coupled to the processor (col 3, lines 30-35). 

The Examiner notes that Challener discloses that the user receives a smart card 
when registering to vote. The smart card contains the voter identification, public encryption 
key, a ballot box ID, and a PIN number for the voter (i.e. vote authorization data). On 
election day, the voter places his smart card in a smart card reader of the authentication 
server at the polling station and enters his PIN number to validate his identity which 
generates a "ballot request". The Examiner considers the entering of the smart card 
information and the PIN number and the resultant ballot request to be the equivalent of the 
claimed voter registration request message. The authentication server uses the PIN number 
to determine if the smart card information (vote authorization data) is valid. If the vote 
authorization data is valid, the polling station selects a ballot ID, encrypts it along with the 
voter authorization data and "sends the encrypted ballot, and the ballot ID, to the voter's 
personal computer" (col 8, lines 1-9). The voter then decrypts the ballot with the smart card 
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encryption key, enters his selections onto the ballot, re-encrypts the ballot using the smart 
card encryption key, and returns the encrypted ballot to the voting system. The system uses 
at least two servers, each able to decrypt only a portion of the encrypted ballot to maintain 
the anonymity of the voter, while also allowing for the verification of the vote, if necessary. 
Thus, Challener uses blinded encryption methods. The Examiner considers the initial ballot 
selected by the polling station to be the equivalent of the claimed blinded unvalidated voter 
certificate; the encrypted ballot sent to the voter's personal computer as the blinded validated 
voter certificate. 

Challener also discloses methods to tabulate, correct, or challenge the votes 
through the use of a journal server which keeps track of each vote as it is being entered. To 
correct a vote, the voter again enters his PIN number and smart card data (which includes the 
validated ballot)(i.e. "receives a second voting transaction message)", the system revalidates 
the voter (ballot)(i.e. "determines if the second voting transaction message has the same 
nonce, session key, and blinding factor" as the previous stored ballot); and retrieves the 
previously stored ballot if the second request message is valid (col 10, line 51 - col 1 1, line 
37). 

Claim 20: Challener discloses an apparatus for electronic voting as in Claim 19 
above, and further inherently discloses the certificate indicating a yes or no vote (col 1 , lines 
11-15). The Examiner notes that ballots contain one or more questions to which the voter 
may make one or more selections based on his desires. Each of these selections is a vote for 
or against the topic of the question - whether it is a "for" (yes) or "against" (no) vote on a 
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local tax levy proposition, "for" (yes) or "against" (no) the Presidential candidates, or "for" 
(yes) or "against" (no) several candidates running for several open councilmen positions. In 
each case, the completed ballot indicates the voter's yes or no votes. 

Claims 25-27: Challener discloses a system for electronic voting as in Claim 24 
above, and further discloses means for auditing, initializing, and recovering from an 
interruption in an electronic voting transaction (col 10, line 51 - col 1 1, line 37). 

Response to Arguments 

4 Applicant's arguments filed January 30, 2006 have been fully considered but they are 

not persuasive. The applicant argues that the Challener et al . reference does not disclose or 
suggest any type of electronic transaction processor that "atomically binds" a first element to 
a second element, and in forming a response transmits a first element "atomically bound" to a 
second element. However, Challener et al (Col 6, line 65 through Col 7, line 37) specifically 
teach such binding. Challener et al. discloses a user that authenticates to a system using a 
PIN number. An authentication server authenticates the PIN number. Once authentication is 
achieved the Voter ID number is bound to a specific ballot number. This bound association 
is saved in the data processing records, and a bound ballot is distributed to the voter. 

The examiner is considering the term atomically in relation to concurrent 
programming and operating systems (An atomic operation appears to take effect at some 
instant during its execution and no other operation observes intermediate states). As 
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described above, an atomic binding occurs during the process of validating the PIN number, 
and associating Voter ID number with a specific ballot number. 

While in one embodiment the applicant is using a hashed nonce to perform atomic 
binding, such a technique is not an exclusive method for doing such. A nonce is simply a 
number used once. This number is often a pseudo-random number that is issued in an 
authentication protocol to ensure that old communications are not reused (i.e. the voter can 
only vote once). The use of a nonce is well known in the security community as one of many 
possible techniques for assisting in authentication. While the Challener et al reference does 
not explicitly use the term nonce, the examiner notes that on Col 7, lines 15-19 that the 
disclosed system marks the ballot number and voter ID as being "used", thus preventing that 
particular voter from voting again in this election. Therefore, the voter ID number can only 
be used once and a nonce has been achieved and is inherently disclosed in Challener et al . 

Conclusion 

5 THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 

policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until 
after the end of the THREE-MONTH shortened statutory period, then the shortened statutory 
period will expire on the date the advisory action is mailed, and any extension fee pursuant to 
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37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the mailing 
date of this final action. 



examiner should be directed to John Van Bramer whose telephone number is (571) 272- 
8198. The examiner can normally be reached on 9am - 5pm Monday through Friday. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Eric Stamber can be reached on (571) 272-6724. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published 
applications may be obtained from either Private PAIR or Public PAIR. Status information 
for unpublished applications is available through Private PAIR only. For more information 
about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access 
to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 
(toll-free). 



Any inquiry concerning this communication or earlier communications from the 
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